Linux kernel exploit gives hackers a back door

Users of 64-bit distributions of Linux need to patch to prevent attacks using an aggressively exploited flaw.

Linux is well-known for its security advantages over many other operating systems, but that doesn't mean it's immune to problems.

A Linux kernel flaw first discovered earlier this month, for example, gives hackers a way to not just gain root privileges in 64-bit Linux operating systems but also to leave a "back door" open for further exploitation later.

CVE-2010-3081, as the high-profile vulnerability is known, affects virtually all users of 64-bit Linux distributions, including RHEL, CentOS, Debian, Ubuntu, CloudLinux, SuSE and more. It was introduced into the Linux kernel back in 2008, and a hacker by the name of 'Ac1db1tch3z' last week published details on exploiting it.

Essentially, the vulnerability stems from a problem with the way the Linux kernel validates memory ranges when allocating memory on behalf of 32-bit system calls. The result was that on a 64-bit system, a local attacker could perform malicious multicast "getsockopt" calls to gain root privileges.

The vulnerability is not a problem on 32-bit Linux systems, which are immune to this particular exploit.

Ineffective Workarounds

Since the exploit was made public, multiple major Linux installations have reported hack attempts that tried to use it to gain superuser privileges, according to security firm Ksplice. Several temporary workarounds were published shortly thereafter for RHEL and others, but they did not fully fix the vulnerability; rather, modified versions of the exploit could still be used to gain access later.

Ksplice on Saturday released a tool to help Linux users determine whether their machines have already been exploited by looking for the exploit's signature "back door." Users of compromised systems should follow their standard incident-handling procedures, Ksplice said.

To fix the problem on uncompromised systems, meanwhile, users can take advantage of a no-cost, 30-day trial on Ksplice's "Uptrack" service, which will fix the vulnerability on production systems for free without having to reboot.

The Linux kernel has already been patched, and many affected Linux distributions have also released fixes, including Ubuntu, Red Hat, Debian and CentOS.

Another Kernel Flaw

Coincidentally, a second and similar Linux exploit known as CVE-2010-3301 was also recently discovered and fixed last week in the Linux kernel. That problem derived from the fact that the registers on 64-bit kernels were not correctly filtered when performing 32-bit system calls on a 64-bit system. This, too, could also allow local attackers to gain root privileges.

Ubuntu's Friday update addressed the CVE-2010-3301 exploit as well. RHEL is immune to this particular problem, while developers at Fedora,Debian and other distributions are currently working on addressing it.

In the meantime, users can also consider using the chkrootkit tool to help find signs of tampering.

Follow Katherine Noyes on Twitter: @Noyesk.

Join the PC World newsletter!

Error: Please check your email address.

Tags unixLinuxsecuritysoftwareoperating systemsnon-Windows

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Katherine Noyes

PC World (US online)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?